Basel III & Basel 4 Training Program

Date: July 24-26, 2019

Venue: The Risk Management Academy

Participation Fee: N85,000

Registration: Call 09071941111; 07034248767. e-mail:

Assessing Risks to Liquidity and Funding in a Bank

The methodology to assess a bank’s liquidity comprises three elements:

  • inherent liquidity risk;
  • inherent funding risk; and
  • its governance and management.

It allows supervisors to form a view of the level of liquidity and funding risks faced by an institution, along with its management and controls. This will lead supervisors to determine whether any specific requirements are necessary to cover these risks to which the bank is or might be exposed.

The liquidity risk assessment evaluates the bank’s short- and medium-term liquidity risk over an appropriate set of time horizons, ensuring that the institution maintains adequate levels of liquidity buffers.

This assessment includes an evaluation of:

  • liquidity needs (short- and medium-term);
  • intraday liquidity;
  • liquidity buffer and counterbalancing capacity; and
  • supervisory liquidity stress-testing.

A bank’s funding risk is assessed in order to determine whether the medium- and long-term obligations are met. The assessment is performed through an evaluation of:

  • the funding profile;
  • risks to the stability of the funding profile;
  • actual market access; and
  • expected changes in funding risks, based on the bank’s funding plan.

The governance and risk management framework underlying the above-mentioned risks will also be reviewed, providing a comprehensive understanding of the bank’s risk profile. This evaluation comprises an assessment of the liquidity risk strategy and its tolerance, policies and procedures, risk identification, measurement, management, monitoring and reporting, and finally the bank’s own funding and contingency

This assessment will provide supervisors with an outcome which will be reflected in a summary of findings along with a score.


The RMA Certifications

The Risk Management Academy certifications are designed to meet the specific professional needs of Risk Managers and practitioners. We currently offer eight (8) professional risk management certifications. We also provide training assistance in various aspects of risk management covering ISO 31000:2018 ERM, Basel Accords [1-4] and the COSO framework.


Certified Compliance Professional [DATE: NOVEMBER 20-22, 2019]

The Risk Management Academy will organize this program in November 2019 in Lagos, Nigeria.

Participants will obtain a clear understanding of and appreciation for the necessity of a strong and well-equipped compliance function within any financial services institution.

Through lecture, class exercises, highly interactive participation, and case studies, participants will review the need for financial services regulation, the markets/participants/institutions/instruments over which regulation proceeds, the use of the compliance function as a risk mitigator, the various methods and approaches to compliance with regulatory requirements, establishment of a well-functioning compliance department, and the skills required to succeed as a compliance officer.

Through intense analysis of specific cases concerning compliance and ethical lapses, money laundering, and rule violations, delegates will obtain keen insights to reduce the risk of regulatory and compliance problems and to foster a culture of compliance within their own firms.


  • New Compliance Officers
  • Risk Managers
  • Control Function Managers
  • Legal Department Managers
  • Management Consultants
  • Equities Sales and Trading Desk Operations Managers
  • Fixed Income Sales and Trading Desk Operations Managers
  • Investment Banking Administrative Officers
  • Treasurers
  • Financial decision makers in corporations
  • Strategists 


  • How to successfully structure and manage an effective compliance function
  • The immediate impact of an ineffective compliance program
  • The comprehensive loss of revenue, trust, and reputation resulting from a weak compliance environment
  • How regulatory changes can quickly impact your organization and bottom line
  • How to prepare for intense regulatory scrutiny and examinations
  • From multiple case studies that globally illustrate cultures of compliance and strong compliance departments

For details about the program, please contact Dr. Neville Odafe on 09071941111 or send an e-mail to: or


ERM Integrated Framework

Over a decade ago, the Committee of Sponsoring Organizations of the Treadway Commission
(COSO) issued Internal Control – Integrated Framework to help businesses and other entities
assess and enhance their internal control systems. That framework has since been
incorporated into policy, rule, and regulation, and used by thousands of enterprises to better
control their activities in moving toward achievement of their established objectives.

The Risk Management Academy can help your organisation develop and implement this framework seamlessly.


Enterprise Risk Architecture

Enterprise Architecture & Risk Management Framework builds on and integrates numerous standards to provide a framework designed to speed your organisation through the process of modeling your Enterprise Architecture and Enterprise Risk Management.

The RMA can assist your organisation in building a risk management architecture that is scalable and adaptable to global standards.

Send an e-mail to:

Comparing ISO 31000 and ISO 27005

Comparison between ISO 31000 and ISO 27005 risk management processes

by Geraldo Ferreira

Organizations of different sizes and types face both internal and outside influences that can make it uncertain whether or not they will be able to accomplish their objectives. The impact of this uncertainty over a company’s goals is called “risk”. In order to effectively address this issue, two international standards stand out in the risk management space, both of which provide crucial information for performing activities.

The first of these is ISO 31000. With its launch anticipated in October of this year, this standard will serve as a master standard for each and every risk management standard. Because of its general context, it provides overall guidelines to any area of risk management (i.e., finance, engineering, security, among others). Although most organizations already have a defined methodology in place to manage risks, this new standard defines a set of principles that must be followed in order to ensure the effectiveness of risk management. It suggests that companies should continually develop, implement, and improve a framework whose goal is to integrate the process for managing risks associated with governance, strategy, and planning, as well as management, the reporting of data and results, policies, values and culture throughout the entire organization.

The other is ISO 27005. Part of the ISO 27000 series since 2008, this standard establishes risk management best practices specifically geared towards information security, particularly with regard to complying with the requirements of an Information Security Management System (ISMS), as mandated by ABNT NBR ISO/IEC 27001. It establishes that risk management best practices should be defined in accordance with the characteristics of the organization, taking into account the scope of its ISMS, the risk management context, as well as its industry. According to the framework described in this standard for implementing the requirements of an ISMS, several different methodologies may be used, and different approaches to risk management as it relates to information security are introduced in the appendix of the document.

Risk Management Best Practices for ISO 31000

Although ISO 31000 depicts the management process more thoroughly, and has differing terms and expressions, both standards address the risk management process in a similar fashion.

According to ISO 31000, organizations typically determine the context and manage risk by identifying it, analyzing it, and subsequently assessing whether the risk should be modified by a strategic approach so as to comply with its risk criteria. Throughout this entire process, these organizations must communicate and consult with stakeholders, while critically monitoring and analyzing the risk and controls that modify it, so as to ensure that no additional risk management approach will be required (see the flow in Figure 1).

Risk Management Best Practices for ISO 27005

As for ISO 27005, risk management as it relates to information security should define the context, evaluate the risks, and address them through a plan, in order to implement the recommendations and decisions. Risk management analyzes the potential events and their consequences prior to deciding what to do and when to do it, so as to reduce risks to an acceptable level. Additionally, the standard includes decisions on the analysis and treatment of risks (illustrated by the two decision points in Figure 2), since risk acceptance activities will ensure that residual risks are explicitly accepted by company management. This is particularly important in situations where control implementation is either omitted or postponed, for example, because of cost.

Although risk management best practices have been developed through time in order to meet specific needs in many areas and industries through the use of distinct methodologies, the adoption of consistent processes within an overarching structure may help ensure that risks are efficiently, effectively, and coherently managed throughout the organization. ISO 31000 is the parent standard, which provides the overall guidelines and principles to manage any type of risk in a systemic, transparent, and reliable manner, within any scope and context, whereas ISO 27005 is the specialized standard that complements the parent by providing the best practices for managing the risks related to information security.